(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 

International Bureau 




(43) International Publication Date 0<» International Publication Number 

6 December 2001 (06.12.2001) PCT WO 01/92982 A2 



(51) International Patent Classification 7 : G06F 
CD International Application Number: PCT/TL0 1/00489 
ill) International Filing Date: 29 May 2001 (29.05.2001) 
<2«l filing Language: English 
<2*>) Publication Language: English 



iM*\ Priorit) Data: 



30 May 2000 (30.05.2000) US 



C\) Vnplitant and 

CI) I m color; CASPI, Moshe |!LrtL|; No. 75, 99750 Zelafon 
(II i 

<*M> \e*m: MILLER - SIERADZKI ADVOCATES & 
PVTT.NT ATTORNEYS; P.O. Box 6145, 31061 Haifa 
ill t 

(81) Deviated States (national): AE, AG, AL, AM, AT, AU, 
A/.. HA. KB. BG, BR, BY, BZ, CA, CH, CN, CO, CR, CU, 



CZ, DE, DK, DM, DZ, EC, EE, ES, H, GB, GD, GE, GH, 
GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, 
LK, LR. LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, 
MX, MZ, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, 
SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, 
ZW. 

(84) Designated States (regional): ARIPO patent (GH, GM, 
KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian 
patent (AM, AZ, BY, KG, KZ, MD, RU,TJ,TM), European 
patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, 
IT, LU. MC, NL, PT, SE, TR), OAPI patent (BF, BJ, CF, 
CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG). 

Published: 

— without international search report and to be republished 
upon receipt of that report 

For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations'* appearing at the begin- 
ning of each regular issue of the PCT Gazette. 



=5 <54) Title: SYSTEM AND METHOD FOR SECURE TRANSACTIONS VIA A COMMUNICATIONS NETWORK 



QQ 



CUSTOMER 
d 






J 








, 1 














(57) Abstract: A method and a system for facilitating online commerce between a customer's computing device and a supplier's 
computing device, in cooperation with a validating computing device. Security-sensitive input/output operations are carried out at 
each end of the transaction by dedicated computing means, one for the customer and one for the supplier. The dedicted customer 
computing means is communication-connected lo the customer computing device and the supplier's dedicted computing means is 
communication-connected lo the supplier's c-commcrcc server and order-processing computer (separate connections). Encrypted 
messages pass between the dedicated devices via a validating third party. The tasks handled are: requesting customer confirmation; 
executing payment upon confirmation; and supplying goods or services. 
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SYSTEM AND METHOD FOR SECURE TRANSACTIONS VIA A 
COMMUNICATIONS NETWORK 

FIELD OF THE INVENTION 

The present invention relates to network data communications. More 
5 particularly, it relates to ensuring the security of transactions conducted over a 
communications network. 

BACKGROUND OF THE INVENTION 

Transactions carried out via a communications network must be protected 
from access by unauthorized parties. The protection must extend to the 
10 computers of both parties conducting the transaction as well as the 
communications network itself. A common example of such a transaction is 
where a customer purchases a good or service from a supplier's Web site, in 
other words an e-cdmmerce transaction. 
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The e-commerce transaction is vulnerable to any number of malicious 
interference on the part of unauthorized intruders, referred to herein as 
hackers. Some examples: A hacker can conduct an illegal transaction on the 
supplier Web site by remotely manipulating a legitimate customer's computer 
5 without that customer being aware of his doing so or by impersonating the 
customer after surreptitiously learning the customer's identification code or 
credit card number. Similarly a hacker can penetrate the supplier's Web site, 
sending bogus information to the customer or intercepting the customer's 
payment. In other words, the hacker can interfere with the information 
10 transferred between the two parties to the transaction, particularly regarding 
what the customer thinks he is buying, what the supplier thinks the customer 
is buying, whether the customer approves payment, and whether payment is 
received by the supplier. 

To protect against these and other illegal activities, the customer computer, 
15 the supplier Web site server computer, and the communications link must be 
made secure. The only way to guarantee 100% security for such a client- 
server architecture would be to create a completely closed system. This is 
almost never practical. In fact computers are built for flexibility and Internet 
protocols are designed for universality. 

20 Attempts have been made to improve security, but the solutions offered to 
date have only been partial in nature, protecting either the communication line 
or the computers themselves. Moreover, these partial solutions are usually 
expensive and require technical expertise. Presently, no single system exists 
that provides an all- encompassing, affordable, easy-to-use solution to the 

25 problem of securing electronic transactions, particularly via the Internet. 
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For example, software has been developed to encrypt the data transmitted 
between the customer's and supplier's computers, but this only protects 
against data interception on the communication line. Both the customer's and 
supplier's computers remain exposed to hackers who can potentially access 
5 information stored on them. 

Another solution has been to use a hardware interface in the customer's 
computer that can identify the computer and verify its identification to the 
supplier's computer. This solution does not adequately address the problem 
of hackers penetrating the customer computer's software through which the 
10 computer's input and output functions. 

US patent 5,883,810, awarded in 1999 to Franklin et al, and entitled 
"Electronic online commerce card with transaction proxy number for online 
transactions," describes an online commerce system where an issuing 
institution generates a temporary transaction number for a customer and 

15 associates it with the customer's permanent account number in a data record. 
The customer submits the transaction number to the merchant as a proxy for 
the customer account number. The merchant handles the transaction number 
in the same manner as any regular credit card number. When the merchant 
asks the issuing institution for verification, the issuing institution references 

20 the customer account number, using the transaction number as an index, 
processes the authorization request using the real customer account number 
in place of the proxy number, and sends an authorization reply back to the 
merchant under the transaction number. 

This system still does not prevent hackers from taking control of a customer's 
25 or supplier's computer either directly or via a virus-type of malicious program. 
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US patent no. 5,524,072, awarded in 1996 to Labaton et al, entitled "Methods 
and apparatus for data encryption and transmission" provides a portable 
hand-held module having the confidential data and a predetermined 
encryption algorithm embedded therein. The apparatus which receives the 
5 encrypted transmission is equipped with an interface computer having 
decryption circuitry in which the inverse of the forgoing encryption algorithm is 
embedded. 

The module includes input means for the customer to enter his order and a 
DTMF tone generator for communicating the customer order and ID number 

10 to a computer via that computer's microphone. While the tone generation is 
compatible with some aspects of telephony, it is limited for use with 
computers since it is unidirectional - from the customer to the computer. 
Furthermore, the customer is required to reenter transaction details himself as 
part of the confirmation process. This is tedious for the customer and creates 

15 the possibility of errors creeping in. 

In addition, this system does.not include any dedicated secure device for the 
supplier side of the transaction, nor does it provide for third party validation of 
the transaction, nor is their a mechanism for verifying that the information 
presented to the customer is valid. 
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The present invention is unique in that it is designed to provide full, 
affordable, easy-to-use security for electronic transactions. It completely 
prevents hackers from using the customer and supplier computers to access 
the critical parts of the transaction. This is accomplished by moving these 

5 parts, including encryption/decryption, out of the computers and into 
dedicated external computing devices. The external devices are connected to 
the computers via a secure communications protocol that limits the 
computer's access to the device to only predefined functions. No transaction 
is completed until the customer has approved it via the user input means of 

10 his external computing device. Therefore, it is physically impossible for a 
remote hacker to carry out an unauthorized transaction. 

Another advantage of the present invention is that any or all parts of the 
invention can be fully automated, operating without human intervention. 

The preferred embodiment of the present invention applies to e-commerce 
15 transactions via the Internet. The same principles can be applied in 
alternative embodiments for other forms of data transactions on other types of 
communications networks. 

BRIEF DESCRIPTION OF THE INVENTION 

There is thus provided in accordance with a preferred embodiment of the 
20 present invention, a method for facilitating online commerce between a 
customer's computing device and a supplier's computing device, in 
cooperation with a validating computing device, the method comprising the 
following steps: 
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a providing the customer with a dedicated computing means for 
security-critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device and having user 
input/output means, the customer's dedicated computing means 
communicating with the customer computing device; and 

b providing the supplier with a dedicated computing means for security- 
critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device, the supplier's computing 
means communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing means; and 

c requesting customer confirmation; and 

d executing payment upon confirmation; and 

e supplying goods or services, 

thereby facilitating online commerce between a customer and a supplier. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the requesting customer 
confirmation step comprises the following steps: 

a initially validating the customer order on the supplier's order-filling 
computing means; 

b encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

c decrypting the order, encrypting with user's private code and sending 
to customer's dedicated computing means; 

d decrypting the order and outputting it to the customer; 

e the customer inputting his or her confirmation; 

f encrypting the confirmation and sending to the validating computing 
device; 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the executing payment upon 
confirmation step comprises the following steps: 

a decrypting the customer confirmation; 

5 b notifying the customer's payment provider to execute payment; 

c receiving confirmation of payment from said payment provider; 

d encrypting payment confirmation and sending to supplier's dedicated 
computing means; 

Furthermore, in accordance with another preferred embodiment of the 
10 present invention, further comprising that the supplying goods or services 
step comprises the following steps: 

a decrypting the payment confirmation; 

b notifying supplier's order-filling computing means to execute order; 
c filling order by providing goods or services to customer. 

15 Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the supplier's order-filling computing 
means performs the further check of comparing order as confirmed with 
original order. 

Furthermore, in accordance with another preferred embodiment of the 
20 present invention, further comprising that the method is carried out 
automatically. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the requesting customer 
confirmation step, the executing payment upon confirmation step, and the 
25 supplying goods or services step are all carried out online. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the method is carried out over the 
Internet 

Furthermore, in accordance with another preferred embodiment of the 
5 present invention, further comprising that the method is carried out over an 
intranet 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the transaction is initiated at an e- 
commerce Web site. 

10 Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the method is carried out 
automatically. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the validating computing device 
15 maintains a copy of the transaction. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the validating computing device 
maintains a database about the transaction. 

Furthermore, in accordance with another preferred embodiment of the 
20 present invention, further comprising that all encrypted messages for a given 
order have a unique identifier known and checked by the suppliers order- 
filling computing means. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer's dedicated computing 
25 means is a stand-alone device. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer's dedicated computing 
means is integrated into a remote control unit, the customer's computing 
device is a Web-enabled television set, and the two are connected via a 
5 bidirectional communications means. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer's dedicated computing 
means is an electronic commerce card; 

Furthermore, in accordance with another preferred embodiment of the 
10 present invention, further comprising that the supplier's dedicated computing 
means is a stand-alone device. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer's dedicated computing 
means is provided with user access protection means. 

15 Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer input means on the 
customer's dedicated computing means is touch-based, as in a keyboard, 
keypad, or touchscreen and appropriate software. 

Furthermore, in accordance with another preferred embodiment of the 
20 present invention, further comprising that the customer input means on the 
customer's dedicated computing means is voice-based, as in a microphone 
and voice recognition software. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the means for output to the 
25 customer on the customer's dedicated computing means is display-based, as 
in an alpha-numeric or graphical display and appropriate software. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the means for output to the 
customer on the customer's dedicated computing means is to a port, as in a 
parallel port to a printer. 

5 Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the means for output to the 
customer is to a printer integrated into the customer means. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer has a public 
10 identification code. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the validating computing device 
provides the customer's dedicated computing means with an anonymous 
identification code. 

15 There is thus also provided in accordance with a preferred embodiment of the 
present invention, at a customer conducting an online transaction, a method 
for handling an order confirmation request from a validating computing 
device, comprising the following steps: 

a providing the customer with a dedicated computing means for 
20 security-critical parts of the transaction, the computing means having 



capabilities for encryption/decryption known only to the computing 
means and the validating computing device and having user 
input/output means, the customer's dedicated computing means 
communicating with the customer computing device; 



25 



b 



the dedicated computing means receiving an encrypted confirmation 
request from the validating computing device; 



d 



c 



decrypting the order and outputting it to the customer; 
the customer inputting his or her confirmation; 
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e encrypting the confirmation and sending to the validating computing 
device; 

There is thus also provided in accordance with a preferred embodiment of the 
present invention, at a supplier conducting an online transaction, a method for 
working with a validating computing device and an order-filling computing 
means to confirm, bill, and fill a customer order, comprising the following 
steps: 

a providing the supplier with a dedicated computing means for security- 
critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device, the supplier's computing 
means communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing means; 

b initially validating the customer order on the supplier's order-filling 
computing means; 

c encrypting the order with supplier's private code and sending payment 
request to the validating computing device; 

d decrypting payment confirmation received from validating computing 
device; 

e notifying supplier's order-filling computing means to execute order; 
f filling order by providing goods or services to customer. 

There is thus also provided in accordance with a preferred embodiment of the 
present invention, a method for facilitating online transactions between a 
customer's computing device and a supplier's computing device, in 
cooperation with a validating computing device, the method comprising the 
following steps: 
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a providing the customer with a dedicated computing means for 
security-critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device and having user 
5 input/output means, the customer's dedicated computing means 

communicating with the customer computing device; 

b providing the supplier with a dedicated computing means for security- 
critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
10 means and the validating computing device, the supplier's computing 

means communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing means; 
c requesting customer confirmation, comprising the following steps: 
15 i initially validating the customer order on the supplier's order-filling 

computing means; 

ii encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

iii decrypting the order, encrypting with user's private code and 
20 sending to customer's dedicated computing means; 

iv decrypting the order and outputting it to the customer; 

v the customer inputting his or her confirmation; 

vi encrypting the confirmation and sending to the validating 
computing device; 

25 d executing payment upon confirmation, comprising the following steps: 

i initially validating the customer order on the supplier's order-filling 
computing means; 

ii decrypting the customer confirmation; 

iii notifying the customer's payment provider to execute payment; 
30 iv receiving confirmation of payment from said payment provider; 

v encrypting payment confirmation and sending to supplier's 
dedicated computing means; 
a) and supplying the goods or services, comprising the following steps: 
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i decrypting the payment confirmation; 

ii notifying supplier's order-filling computing means to execute 
order; 

iii filling order by providing goods or services to customer. 

5 There is thus also provided in accordance with a preferred embodiment of the 
present invention, a system for facilitating online transactions between a 
customer's computer device and a supplier's computing device, in 
cooperation with a validating computing device, the system comprising the 
following: 

10 a a dedicated customer computing device for security-critical parts of 
the transaction, the computing device having capabilities for 
encryption/decryption known only to the computing device and the 
validating computing device and having user input/output device, the 
customer's dedicated computing device communicating with the 

15 customer computing device and programmed to receive an order 

confirmation request, decrypt the request, output the request to the 
user (customer), receive the customer's response (input) to the 
confirmation request, encrypt the customer response; and send the 
response to the validating computing device; 

20 b a dedicated supplier computing device for security-critical parts of the 
transaction, the computing device having capabilities for 
encryption/decryption known only to the computing device and the 
validating computing device, the supplier's computing device 
communicating with the supplier's computing device and, through a 

25 separate communications channel, with the supplier's order-filling 

computing device and programmed to receive a customer order from 
the supplier's transaction site, encrypt an order and payment 
confirmation request, send the request to the validating computing 
device; receive order and payment confirmed message from the 

30 validating computing device, and notify the order-filling computing 

device to fill the order. 
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c the validating computing device being configured to receive an order 
and payment confirmation request from the dedicated supplier 
computing device, decrypt the request, encrypt an order confirmation 
request for the customer, send the request to the customer, receive 
the customer's response, decrypt the response, notify the customer's 
payment provider to execute payment, receive confirmation of 
payment from said payment provider; encrypt an order and payment 
confirmed message, and send said message to the dedicated 
supplier computing device. 

There is thus also provided in accordance with a preferred embodiment of the 
present invention, a system for facilitating online commerce between a 
customer's computing device and a supplier's computing device, in 
cooperation with a validating computing device, the system comprising the 
following: 

a providing the customer with a dedicated computing device for 
security-critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device and having user 
input/output device, the customer's dedicated computing device 
communicating with the customer computing device; and 

b providing the supplier with a dedicated computing device for security- 
_ ... critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device, the supplier's computing 
device communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing device; and 

c requesting customer confirmation; and 

d executing payment upon confirmation; and 

e supplying goods or services. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the confirmation comprises the 
following: 

a initially validating the customer order on the supplier's order-filling 
computing device; 

b encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

c decrypting the order, encrypting with user's private code and sending 
to customer's dedicated computing device; 

d decrypting the order and outputting it to the customer; 

e the customer inputting his or her confirmation; 

f encrypting the confirmation and sending to the validating computing 
device; 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that executing payment upon 
confirmation comprises the following: 

a decrypting the customer confirmation; 

b notifying the customer's payment provider to execute payment; 

c receiving confirmation of payment from said payment provider; 

d encrypting payment confirmation and sending to supplier's dedicated 
computing device; — 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the supplying goods or services 
comprises the following: 

a decrypting the payment confirmation; 

b notifying supplier's order-filling computing device to execute order; 
c filling order by providing goods or services to customer. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the supplier's order-filling computing 
device performs the further check of comparing order as confirmed with 
original order. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the system is automatic. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the requesting customer 
confirmation, the executing payment upon confirmation, and the supplying 
goods or services are all carried out online. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the system is implemented over the 
Internet. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the system is implemented oyer an 
intranet. 

Furthermore, in accordance with another preferred embodiment, of the 

present invention, further comprising that the validating computing device 
maintains a copy of the transaction. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the validating computing device 
maintains a database about the transaction. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that all encrypted messages for a given 
order have a unique identifier known and checked by the supplier's order- 
filling computing device. 

5 Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the transaction is initiated at an e- 
commerce Web site. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the system is carried out 
10 automatically. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer's dedicated computing 
device is a stand-alone device. 

Furthermore, in accordance with another preferred embodiment of the 
15 present invention, further comprising that the customer's dedicated computing 
device is integrated into a remote control unit, the customer's computing 
device is a Web-enabled television set, and the two are connected via a 
bidirectional communications.device. . : Z 1 '~ \ 

Furthermore, in accordance with another preferred embodiment of the 
20 present invention, further comprising that the customer's dedicated computing 
device is an electronic commerce card; 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the supplier's dedicated computing 
device is a stand-alone device. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer's dedicated computing 
device is provided with user access protection device. 

Furthermore, in accordance with another preferred embodiment of the 
5 present invention, further comprising that the customer input device on the 
customer's dedicated computing device is touch-based, as in a keyboard, 
keypad, or touchscreen and appropriate software. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the customer input device on the 
10 customer's dedicated computing device is voice-based, as in a microphone 
and voice recognition software. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the device for output to the 
customer on the customer's dedicated computing device is display-based, as 
15 in an alpha-numeric or graphical display and appropriate software. 

Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the device for output to the 
customer on the customer's dedicated computing device is to a port, as in a 
parallel port to a printer. 

20 Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the device for output to the 
customer is to a printer integrated into the customer device. 

Furthermore, in accordance with another preferred embodiment of the 
• present invention, further comprising that the customer has a public 
25 identification code. 
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Furthermore, in accordance with another preferred embodiment of the 
present invention, further comprising that the validating computing device 
provides the customer's dedicated computing device with an anonymous 
identification code. 

There is thus also provided in accordance with a preferred embodiment of the 
present invention, at a customer conducting an online transaction, a system 
for handling an order confirmation request from a validating computing 
device, comprising the following : 

a providing the customer with a dedicated computing device for 
security-critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device and having user 
input/output device, the customer's dedicated computing device 
communicating with the customer computing device; 

b the dedicated computing device receiving an encrypted confirmation 
request from the validating computing device; 

c decrypting the order and outputting it to the customer; 

d the customer inputting his or her confirmation; 

e encrypting the confirmation and sending to the validating computing 
device; 

There is thus also provided in accordance with a preferred embodiment of the 
present invention, at a supplier conducting an online transaction, a system for 
working with a validating computing device and an order-filling computing 
device to confirm, bill, and fill a customer order, comprising the following : 
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a providing the supplier with a dedicated computing device for security- 
critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device, the supplier's computing 
device communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing device; 

b initially validating the customer order on the supplier's order-filling 
computing device; 

c encrypting the order with supplier's private code and sending payment 
request to the validating computing device; 

d decrypting payment confirmation received from validating computing 
device; 

e notifying supplier's order-filling computing device to execute order; 
f filling order by providing goods or services to customer. 

There is thus also provided in accordance with a preferred embodiment of the 
present invention, a system for facilitating online transactions between a 
customer's computing device and a supplier's computing device, in 
cooperation with a validating computing device, the system comprising the 
following : 

a providing the customer with a dedicated computing device for 
security-critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device and having user 
input/output device, the customer's dedicated computing device 
communicating with the customer computing device; 
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b providing the supplier with a dedicated computing device for security- 
critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device, the suppliers computing 
5 device communicating with the supplier's computing device and, 

through a separate communications channel, with the supplier's 
order-filling computing device; 
c requesting customer confirmation, comprising the following: 

i initially validating the customer order on the supplier's order-filling 
10 computing device; 

ii encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

iii decrypting the order, encrypting with user's private code and 
sending to customer's dedicated computing device; 

15 iv decrypting the order and outputting it to the customer; 

v the customer inputting his or her confirmation; 

vi encrypting the confirmation and sending to the validating 
computing device; 

d executing payment upon confirmation, comprising the following: 
20 i initially validating the customer order on the supplier's order-filling 

computing device; 

ii decrypting the customer confirmation; 

iii notifying the customer's payment provider to execute payment; 

iv receiving confirmation of payment from said payment provider; 

25 v encrypting payment confirmation and sending to supplier's 

dedicated computing device; 
e and supplying the goods or services, comprising the following: 

i decrypting the payment confirmation; 

ii notifying supplier's order-filling computing device to execute 
30 order; 

iii filling order by providing goods or services to customer. 
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BRIEF DESCRIPTION OF THE FIGURES 



FIG. 1 is a general block diagram of a system for secure electronic 

transactions in accordance with a preferred embodiment of the 
present invention. 



5 FIG. 2A is a block diagram of a dedicated customer computing device for 
secure electronic transactions integrated into a bidirectional remote 
control unit of a Web-enabled television set in accordance with an 
alternative embodiment of the present invention. 



FIG. 2B is a block diagram of a dedicated customer computing device for 
10 secure electronic transactions with a second communications port 

connected to an external printer in accordance with an alternative 
embodiment of the present invention. 



FIG. 3A is the first part of a flowchart showing the operation of a system for 
secure electronic transactions in accordance with a preferred 
15 embodiment of the present invention. 

FIG. 3B is the second part of a flowchart showing the operation of a system 
for secure electronic transactions in accordance with a preferred 
embodiment of the present invention. 



FIG. 3C is the third part of a flowchart showing the operation of a system for 
20 secure electronic transactions in accordance with a preferred 

embodiment of the present invention. 

FIG. 3D is the fourth part of a flowchart showing the operation of a system 
for secure electronic transactions in accordance with a preferred 
embodiment of the present invention. 
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FIG. 3E is the fifth part of a flowchart showing the operation of a system for 
secure electronic transactions in accordance with a preferred 
embodiment of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 



The preferred embodiment of the present invention comprises a number of 
hardware and software components. When a component is introduced in this 
detailed description, its full name and acronym are given. Thereafter the 
acronym is used in the description and in the drawings. The components, 



acronyms 


and reference numbers are also listed below. 


REF: NO. 


ACRONYM 


FULL DESCRIPTION 


10 




- Customer 


12 


CCIS 


- Customer Computer Interface Software. 


14 


CIU 


- Customer Interface Unit. 


16 


CPCN 


- Customer Public Code Number. 


18 


CSCIB 


- Customer Standard Computer with Internet 






Browser 


20 


OC 


- Order Computer. 


22 


RTCN 


- Random Transaction Code Number. 


23 




- Supplier 


24 


SIU 


- Supplier Interface Unit. 


26 


SIWS 


- Supplier Internet Web Site 


28 


SWSIS 


- Supplier Web Site Interface Software. 


39 




- Validator . ,. 


40 


VC 


- Validation Computer 


41 


BC 


- Bank Computer 



Reference is now made to FIG. 1 , which is a block diagram of a system and 
method for secure data transactions over a communications network in 
accordance with a preferred embodiment of the present invention. 
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The system is based on three primary entities: a Customer 10, who initiates 
the transaction, a Supplier 23, who provides a good, service, or other benefit 
to the Customer, and a Validator 39 who acts as an intermediary between the 
two for purposes of validating and processing confidential information, such 
5 as the identity of the Customer and payment execution. A fourth entity is a 
bank or other payment authority, which is executes payment from Customer 
10 to Supplier 23, upon request by Validator 39. 

Both the Customer 10 and the Supplier 23 have a dedicated computing 
device for conducting sensitive steps in the transaction. Each of these 
10 dedicated computing devices has a private key and a public ID number. The 
private key is known only to the dedicated computing device and to the 
Validator 39. 

The Validator 39 is the entity that maintains a record of the keys of the two 
types of dedicated computing devices. A device's key could typically be 

15 embedded by the Validator before distributing the device to a Customer 10 or 
Supplier 23. Upon purchase or installation of the device, the Customer 10 or 
Supplier 23 would register himself with the Validator 39. Or other methods 
and systems known to those familiar with the art can be used to embed the 
private keys and register the Customer 10 and Supplier 23 with the Validator 

20- 39. 



The present invention involves encrypted messages sent over a secure 
channel. In the preferred embodiment described herein, decryption is 
accomplished using public and private keys. Other methods and systems 
could equally be used to achieve this functionality, such as doing without 
25 public keys and instead having the decrypting device simply try every private 
key until it finds the correct one. 



WO 01/92982 



PCT/ILO 1/00489 



25 

It is a major purpose of the present invention to enable Customer and 
Supplier to carry out encryption/decryption procedures and sensitive 
input/output procedures on their respective dedicated computing devices, 
thereby eliminating access to these procedures to third parties. In particular 
5 this prevents malicious individuals from interfering with the transaction at the 
endpoints (Customer's Internet browser and Supplier's Web site). 

The Customer 10 uses a Customer Standard Computer with an Internet 
Browser (CSCIB) 18. The CSCIB 18 is a computing device with Internet 
access (Web browsing capability) and having a local communications port 
10 (such as a serial port) 11. In the preferred embodiment of the present 
invention the CSCIB 18 Is a personal computer but it can be any computing 
device with these capabilities, for example, a Web-enabled cellular phone. 



In the preferred embodiment of the present invention, the customer's 
transaction takes place at a Supplier's Web site accessed via the Internet. 
15 Alternatively, other means for electronic commerce can be used, such as an 
intranet or a proprietary e-commerce application. 

The Customer Interface Unit (CIU) 14 is connected to the CSCIB's 18 local 
communications port 11. The CIU 14 is the dedicated computing device for 
the Customer side of the transaction. The CIU 14 includes a means for user 
20 input, (which in the preferred embodiment is a keypad), and a means for 
output to the user, (which in the preferred embodiment is a display). 

The CIU 14 output can alternatively, or additionally, be to a printer 15. In FIG. 
2A the printer 15 is connected to a second communications port on the CIU 
14. Alternatively, the printer 15 could be integrated into the CIU 14. 



25 The CSCIB 18 software that communicates with the CIU 14 is a dedicated 
software module, the Customer Computer Interface Software (CCIS) 12. 
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The CIU 14 includes an encryption/decryption algorithm embedded with the 
unique private key for that particular CIU. 

The CIU 14 transmits and receives encrypted messages via the CSCIB 18 
and the Internet. 

5 The CIU 14 can optionally include electronic means for identifying the 
Customer before allowing him access. Such means are well known, such as 
personal identification code, fingerprint, voice, or retinal pattern. 

In the preferred embodiment of the present invention, the CIU 14 is a 
standalone device. Alternatively, the CIU 14 can be integrated into the CSCIB 
10 18 or into another device, such as a cellular telephone or smart card. If the 
CIU 14 is integrated into another device, it must be implemented such that its 
hardware and software are independent of the rest of the device, with only a 
restricted communication channel connecting the two. 

The primary function of the CIU 14 is to enable secure user I/O, including 
15 encryption/decryption. In the preferred embodiment of the present invention, 
the other operations required: messaging and browsing via the Internet, are 
done via the CSCIB 18. 

Alternatively, the functions of the CSCIB 18 can be integrated into the CIU 14 
(as separate hardware and software), or both the CIU 14 and CSCIB 18 can 
20 be integrated into a third device, such as a cellular telephone. In that case, 
again, the CIU 14 functionality is implemented as separate hardware and 
software, connecting to the rest of the device only through a limited 
communications channel. 
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FIG. 2B is an alternative embodiment of the present invention where the CIU 
14 is integrated into a remote control unit for a Web-enabled television set, 
where the television set is used for the CSCIB 18 parts of the transaction. The 
communications link between the remote control unit and the television set is 
5 bidirectional. 

Returning to FIG. 1, the CSCIB 18 is used by the Customer to perform the 
noncritical e-commerce tasks, such as item selection. However encrypted 
Internet messages related to the transaction are handled only by the CIU 14. 
For such encrypted messages the CSCIB 18 is merely a bidirectional 
10 channel, connecting to the CIU 14 the local communications port 11 at one 
end and to the Internet at the other end. 

Encrypted transaction confirmation requests are decrypted by the CIU 14 and 
displayed on its display. The Customer views the information and enters his 
responses via the ClU's 14 keypad. 

15 The CIU 14 encrypts the information and transmits it via the local 
communications port 11 of the CSCIB 18 to the Validation Center 40, as 
described later in this specification. 

The Supplier Internet Web Site (SIWS) 26 is an e-commerce Web site 
running on a Web server on the Internet. The SIWS 26 has a first 
20 bidirectional communications connection 21 to an external computing device 
called the Supplier Interface Unit (SIU) 24. The software that manages the 
communication on the SIWS 26 side is referred to herein as the Supplier Web 
Site Interface Software SWSIS 28 module. 

The SIU 24 runs an encryption/decryption algorithm embedded with a unique 
25 private key for that particular SIU 24. The SIU 24 is able to receive and 
transmit encrypted messages via the SIWS 26 over the Internet. 
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The SIU 24, in addition to having a first bidirectional communications 
connection 21 to the SIWS 26, has a second bidirectional communications 
connection 23 to one or more computing devices called the Order 
Computer(s) (OC) 15. The OC 15 is used to verify that the Customer has not 

5 been fooled by someone tampering with the Supplier's Web site (i.e., that the 
product, the price, etc. in the Customer order are identical to what is being 
offered on the SIWS 26). Another task of the OC 1 5 is to fill the order 
(through the Supplier's standard order fulfillment system, once Customer 
confirmation has been received from the VC 40 (described later) via the SIU 

10 24. A third task of the OC 1 5 is to ensure that each order passing through the 
system has a unique identifier and then to look for that identifier in the final 
payment confirmation received from the VC 40. The purpose here is to keep 
each order processed unique and thereby prevent an unauthorized resend of 
a previously sent confirmation message somewhere in the system. In the 

15 preferred embodiment of the present invention, this identifier is a unique order 
number added by the OC 1 5 to the transaction details. 

The tasks of the OC 15 can be done by the same OC 15 or by different OCs 
15. 

The SIU 24 receives transaction details from the SIWS 26, requests initial 
20 verification and unique order number from the OC 1 5, and after encrypting the 
transaction details and order number, transmits them to the Validation Center 
(VC) 40 via the SIWS 26 and the Internet. It will be noted that the SIU acts as 
a buffer between the SIWS 26, which is open to the Internet and the OC 15, 
which contains sensitive information. 
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The VC 40 is a computing device connected to the Internet that holds all 
Customer and Supplier private keys indexed to their public ID numbers. The 
VC 40 receives encrypted order messages from the SIU 24, decodes them 
using the Supplier's public ID number, validates them (i.e., checks that the 
5 Customer exists, that the Supplier exists, that the order meets basic criteria 
such as being within the Supplier's and Customer's credit range, etc.), 
encrypts an order confirmation request (including order number) using the 
Customer's private key, and sends the encrypted request to the CIU 14 via 
the Internet and the CSCWB 18 for Customer confirmation. 

10 The CIU 14 decrypts the request and displays it. The Customer responds by 
entering his confirmation/rejection to the CIU, which the CIU 14 then encrypts 
(including the unique order number) using the Customer's private key and 
sends back to the VC 40. 



In the case of a confirmation, the VC 40 contacts the bank or other payment 
15 authority 41 and requests the payment. This part of the transaction follows 
standard payment execution procedures, such as those used for credit card 
payments. Upon notification of payment, the VC 40 then encrypts a validation 
confirmed message (including the unique order number) using the Supplier's 
private key and sends it to the SIU 24. The SIU decrypts the validation 
20 message and sends the validation message to the OC 15. The OC 15, 
performs a final check, verifying that the unique order number is correct, then 
executes the transaction, e.g., ships the goods. 
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It is important to note that, while in the preferred embodiment of the present 
invention the CIU 14 and the SIU 24 are physical devices, this is not a 
requirement. What is a requirement is that they have the functionality defined 
in this disclosure. In the case of the CIU 14, this functionality consists, as 

5 mentioned, of dedicated encryption/decryption and user input/output for 
security-critical transaction steps, together with a limited communications 
channel to the CSCIB 18. The purpose being to eliminate outside access to 
operations performed with the CIU 14. In the case of the SIU 24, the 
functionality consists, as mentioned, of dedicated encryption/decryption 

10 together with a limited communications channel to the SIWS 26 and the OC 
20. As long as these separate, protected functionalities are enabled, the 
implementation does not have to be physically separated from the other parts 
of the respective Customer 10 or Supplier 23 computing devices. For 
example, the CIU 14 could be integrated into the CSCIB 18 or into a third 

15 device, such as a cellular phone. 

Reference is now made to FIG. 3A to FIG. 3E, which is a flow chart describing 
the operation of a system for secure data transactions over a communications 
network in accordance with a preferred embodiment of the present invention. 
The flowchart extends across the figures. The continuation of the chart from 
20 figure to figure is indicated by ending a flowchart with a letter, for example B 
in FIG. 3A and then starting the next flowchart with that letter (i.e., B at the top 
of FIG. 3B). 

In step 60, a Customer uses a Customer Standard Computer with an Internet 
Browser (CSCIB) 18 to shop at a Supplier Internet Web Site (SIWS) 26. In 
25 step 62, he decides to purchase an item. 
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In step 64, the Customer selects the item and issues a purchase order (e.g., 
checks out his shopping cart). As part of the transaction, the Customer 10 
must be identified to the Supplier 23 by his Customer Public Code Number 
(CPCN) 16, which can be entered by the Customer himself, taken from the 
5 CSCIB 18 as a cookie or similar automatic means, or taken from the CIU 14. 
If the Customer wishes to remain anonymous, he can instead use a Random 
Transaction Code Number (RTCN) 22, a one-time, or limited-time, code 
provided by the VC 40. 

The idea of the RTCN 22 is to enable the Customer the option of requesting 
10 an anonymous public code from the Validation Center. For example, a 
Customer might want to preserve his anonymity for one or more transactions. 
The RTCN 22 is used in place of the CPCN 16 for the transaction. How the 
CIU gets the RTCN 22 can be done any number of ways. It can be done as a 
request from the CIU to the VC at the time of the transaction, a new RTCN 22 
15 can be automatically maintained in a buffer in the CIU 14 by the VC, etc. 

The CPCN 16 or RTCN 22 is sent by the CSCIB 18 to the SIWS 26 as part 
of the order. The Customer 10 may choose to send further information with 
the order, such as his preferred payment method, the delivery address, his e- 
mail address, etc. This information can be included in the order either by the 
20 customer himself, by having the CSCIB 18 supply it with a cookie or similar 
automatic means, or from the CIU 14. 

In step 66, the order reaches the SIWS 26 where the SWSIS 28 recognizes 
that the order is coming from a ClU-equipped 14 Customer. 

In step 68, the SWSIS 28 sends the transaction data to the OC 20 via the SIU 
25 24. 
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In step 70, the OC 20 checks that the transaction accords with what is being 
offered on the Web site (in other words, the probability is that this is not a 
bogus order). 

Since the SIWS 26 may not be fully secure, this double check is necessary. 

5 If the OC determines that the transaction data is invalid, the order is aborted 
(step 72). 

Otherwise (step 74), the OC 20 adds a unique order number to the 
transaction data and sends them with approval to the SIU 24. The unique 
order number is used in every subsequent message concerning that order. 
10 The SIU 24 encrypts the transaction data using the Supplier's private key and 
sends the encrypted data and the Supplier's public ID number to the VC 40. It 
can be sent via the SIWS 26, directly via the Internet, or by any other 
communication method or system. 

In step 76, the VC 40 uses the Supplier's public ID number to look up the 
15 Supplier's private key and decrypt the transaction data. Then the VC 40 does 
a preliminary validation (step 78). Typically this would involve checking that 
the Supplier exists and that the order would appear to be for goods or 
services provided by that supplier. 

In step 80, if the preliminary validation fails, the VC 40 aborts the order. 

20 Otherwise (step 82), the VC looks up the private key for Customer (using as 
an index the CPCN 16 or RTCN 22 that was included in the transaction data), 
uses the private key to encrypt the transaction data, and sends the encrypted 
data to the CIU 14 via the CSCIB 18 and the Internet. (The Customer e-mail 
address can entered with the order by the customer, added by the Supplier 

25 from its database, or taken by the VC 40 from the private key lookup table. 
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In step 84 the CIU 14 receives the transaction data, decrypts it, and displays 
the information to the Customer. Typically, this includes a list of products 
ordered, their prices, the payment method, and the total amount to be paid. 
From this point on, the price commitment of the Supplier is considered final. 

5 In step 86, the Customer checks the transaction information and uses the CIU 
14 keypad to confirm or reject the transaction. From this point on, the 
Customer's approval/disapproval of the transaction is considered final. 

In step 88, the CIU 14 encrypts the Customer response using the Customer's 
private key and sends the response and the CPCN 16 to the VC 40. 

10 In step 90, the VC 40 takes the CPCN 16 and looks up the Customer's private 
key, which it then uses to decrypt the response and to see what it is (step 92). 

If the customer's response is negative, the order is aborted (94). 

Otherwise (steps 96, 98), the VC 40 uses standard secure electronic banking 
methods to check the Customer's credit for the payment method that the 
15 Customer has selected. 

If the VC 40 is unable to confirm the Customer's ability to pay (100), the 
transaction is aborted, otherwise (step 102), the VC 40 proceeds to debit the 
Customer's account and credit the Supplier account with the amount of the 
transaction. 

20 The VC 40 encrypts a message confirming payment using the Supplier's 
private key and sends the encrypted message to the SIU 24. 
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In step 104, the SIU 24 decrypts the message and in step 106 checks to see 
whether it is positive (Customer paid). If he didn't pay (step 108), the 
transaction is aborted, otherwise (step 110), the SIU 24, sends the data to the 
OC 20, which checks the approved transaction against the original order 
5 (standard data integrity check) and supplies the Customer with the goods 
and/or services. 

The present invention provides a novel design of a system that provides full 
protection against the theft of information via a communications network.. 
This design of the system for secure transactions via a communications 
10 network makes it particularly suitable for e-commerce transactions via the 
Internet. This is important for preventing unlawful access to Customer and/or 
supplier data and as a consequence promotes the growth of secure e- 
commerce. 

It should be clear that the description of the embodiments and attached 
15 Figures set forth in this specification serves only for a better understanding of 
the invention, without limiting its scope as covered by the following Claims. 

It should also be clear that a person skilled in the art, after reading the 
present specification could make adjustments or amendments to the attached 
Figures and above described embodiments that would still be covered by the 
20 following Claims. 
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C LA I M S 

We claim: 

1 A method for facilitating online commerce between a customer's 
computing device and a supplier's computing device, in cooperation with 
a validating computing device, the method comprising the following steps: 

a providing the customer with a dedicated computing means for 
security-critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device and having user 
input/output means, the customer's dedicated computing means 
communicating with the customer computing device; and 

b providing the supplier with a dedicated computing means for security- 
critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device, the supplier's computing 
means communicating with the supplier's computing device' and, 
through a separate communications channel, with the supplier's 
order-filling computing means; and 

c requesting customer confirmation; and 

d executing payment upon confirmation; and - 

e supplying goods or services. 

2 A method as recited in claim 1, wherein the requesting customer 
confirmation step comprises the following steps: 

a initially validating the customer order on the supplier's order-filling 
computing means; 

b encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

c decrypting the order, encrypting with user's private code and sending 

to customer's dedicated computing means; 
d decrypting the order and outputting it to the customer; 



WO 01/92982 



36 



PCT/IL01/00489 



e the customer inputting his or her confirmation; 

f encrypting the confirmation and sending to the validating computing 
device; 

3 A method as recited in claim 1, wherein the executing payment upon 
5 confirmation step comprises the following steps: 

a decrypting the customer confirmation; 

b notifying the customer's payment provider to execute payment; 

c receiving confirmation of payment from said payment provider; 

d encrypting payment confirmation and sending to supplier's dedicated 

10 computing means; 

4 A method as recited in claim 1 , wherein the supplying goods or services 
step comprises the following steps: 

a decrypting the payment confirmation; 

b notifying supplier's order-filling computing means to execute order, 
15 c filling order by providing goods or services to customer. 

5 A method as recited in claim 1, wherein the supplier's order-filling 
computing means checks confirmed order against original order. 

_6 A method, as j recited in claim 1, wherein the method is carried out 
automatically. 

20 7 A method as recited in claim 1, wherein the requesting customer 
confirmation step, the executing payment upon confirmation step, and the 
supplying goods or services step are all carried out online. 

8 A method as recited in claim 1 carried out over the Internet. 

9 A method as recited in claim 1, carried out over an intranet. 

25 10 A method as recited in claim 1, wherein the transaction is initiated at an e- 
commerce Web site. 
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11 A method as recited in claim 1, wherein the method is carried out 
automatically. 

12 A method as recited in claim 1, wherein the validating computing device 
maintains a copy of the transaction. 

5 13 A method as recited in claim 1, wherein the validating computing device 
maintains a database about the transaction. 

14 A method as recited in claim 1, wherein all encrypted messages for a 
given order have a unique identifier known and checked by the supplier's 
order-filling computing means. 

10 15 A method as recited in claim 1, wherein the customer's dedicated 
computing means is a stand-alone device. 

16 A method as recited in claim 1, wherein the customer's dedicated 
computing means is integrated into a remote control unit, the customer's 
computing device is a Web-enabled television set, and the two are 

15 connected via a bidirectional communications means. .\ 

17 A method as recited in claim 1, wherein the customer's dedicated 
computing means is an electronic commerce card; - - 

18 A method as recited in claim 1, wherein the supplier's ^ dedicated 
computing means is a stand-alone device. 

20 19 A method as recited in claim 1, wherein the customer's dedicated 
computing means is provided with user access protection means. 

20 A method as recited in claim 1, wherein the customer input means on the 
customer's dedicated computing means is touch-based, as in a keyboard, 
keypad, or touchscreen and appropriate software. 
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21 A method as recited in claim 1, wherein the customer input means on the 
customer's dedicated computing means is voice-based, as in a 
microphone and voice recognition software. 

22 A method as recited in claim 1, wherein the means for output to the 
5 customer on the customer's dedicated computing means is display- 
based, as in an alpha-numeric or graphical display and appropriate 
software. 

23 A method as recited in claim 1, wherein the means for output to the 
customer on the customer's dedicated computing means is to a port, as in 

10 a parallel port to a printer. 

24 A method as recited in claim 1, wherein the means for output to the 
customer is to a printer integrated into the customer's dedicated 
computing means. 

25 A method as recited in claim 1, wherein the customer has a public 
15 identification code. 

26 A method as recited in claim 1 , wherein the validating computing device 
provides the customer's dedicated computing means with an anonymous 
identification code. 

27 At a customer conducting an online transaction, a method for handling an 
20 order confirmation request from a validating computing device, comprising 

the following steps: 

a providing the customer with a dedicated computing means for 
security-critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
25 means and the validating computing device and having user 

input/output means, the customer's dedicated computing means 
communicating with the customer computing device; 

b the dedicated computing means receiving an encrypted confirmation 
request from the validating computing device; 
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c decrypting the order and outputting it to the customer; 

d the customer inputting his or her confirmation; 

e encrypting the confirmation and sending to the validating computing 
device; 

28 At a supplier conducting an online transaction, a method for working with 
a validating computing device and an order-filling computing means to 
confirm, bill, and fill a customer order, comprising the following steps: 

a providing the supplier with a dedicated computing means for security- 
critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device, the supplier's computing 
means communicating with the supplier's computing device and, 
through a separate communications channel, with the suppliers 
order-filling computing means; 

b initially validating the customer order on the supplier's order-filling 
computing means; 

c encrypting the order with supplier's private code and sending payment 
request to the validating computing device; 

d decrypting payment confirmation received from validating computing 
device; 

e notifying supplier's order-filling computing means to execute order; 
f filling order by providing goods or services to customer. 

29 A method for facilitating online transactions between a customer's 
computing device and a supplier's computing device, in cooperation with 
a validating computing device, the method comprising the following steps: 

a providing the customer with a dedicated computing means for 
security-critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device and having user 
input/output means, the customer's dedicated computing means 
communicating with the customer computing device; 
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b providing the supplier with a dedicated computing means for security- 
critical parts of the transaction, the computing means having 
capabilities for encryption/decryption known only to the computing 
means and the validating computing device, the supplier's computing 
means communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing means; 

c requesting customer confirmation, comprising the following steps: 

i initially validating the customer order on the supplier's order-filling 
computing means; 

ii encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

iii decrypting the order, encrypting with user's private code and 
sending to customer's dedicated computing means; 

iv decrypting the order and outputting it to the customer; 

v the customer inputting his or her confirmation; 

vi encrypting the confirmation and sending to the validating 
computing device; 

d executing payment upon confirmation, comprising the following steps: 

i initially validating the customer order on the supplier's order-filling 
computing means; 

ii decrypting the customer confirmation; 

iii notifying the customer's payment provider to execute payment; 

iv receiving confirmation of payment from said payment provider; 

v encrypting payment confirmation and sending to supplier's 
dedicated computing means; 

e and supplying the goods or services, comprising the following steps: 

i decrypting the payment confirmation; 

ii notifying supplier's order-filling computing means to execute 
order; 

iii filling order by providing goods or services to customer. 
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30 A system for facilitating online transactions between a customer's 
computer device and a supplier's computing device, in cooperation with a 
validating computing device, the system comprising the following: 

a a dedicated customer computing device for security-critical parts of 
the transaction, the computing device having capabilities for 
encryption/decryption known only to the computing device and the 
validating computing device and having user input/output device, the 
customer's dedicated computing device communicating with the 
customer computing device and programmed to receive an order 
confirmation request, decrypt the request, output the request to the 
user (customer), receive the customer's response (input) to the 
confirmation request, encrypt the customer response; and send the 
response to the validating computing device; 

b a dedicated supplier computing device for security-critical parts of the 
transaction, the computing device having capabilities for 
encryption/decryption known only to the computing device and the 
validating computing device, the supplier's computing device 
communicating with the supplier's computing device and, through a 
separate communications channel, with the supplier's order-filling 
computing device and programmed to receive a customer order from 
the supplier's transaction site, encrypt an order and payment 
confirmation request, send the request to the validating computing 
device; receive order and payment confirmed message from the 
validating computing device, and notify the order-filling computing 
device to fill the order. 

c the validating computing device being configured to receive an order 
and payment confirmation request from the dedicated supplier 
computing device, decrypt the request, encrypt an order confirmation 
request for the customer, send the request to the customer, receive 
the customer's response, decrypt the response, notify the customer's 
payment provider to execute payment, receive confirmation of 
payment from said payment provider; encrypt an order and payment 
confirmed message, and send said message to the dedicated 
supplier computing device. 
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31 A system for facilitating online commerce between a customer's 
computing device and a supplier's computing device, in cooperation with 
a validating computing device, the system comprising the following steps: 

a providing the customer with a dedicated computing device for 
security-critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device and having user 
input/output device, the customer's dedicated computing device 
communicating with the customer computing device; and 

b providing the supplier with a dedicated computing device for security- 
critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device, the supplier's computing 
device communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing device; and 

c requesting customer confirmation; and 

d executing payment upon confirmation; and 

e supplying goods or services. 

32 A system as recited in claim 31, wherein the requesting customer 
confirmation step comprises the following steps: 

a initially validating the customer order on the supplier's order-filling 
computing device; 

b encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

c decrypting the order, encrypting with user's private code and sending 
to customer's dedicated computing device; 

d decrypting the order and outputting it to the customer; 

e the customer inputting his or her confirmation; 

f encrypting the confirmation and sending to the validating computing 
device; 



WO 01/92982 



PCT/ILO 1/00489 



43 

33 A system as recited in claim 31, wherein the executing payment upon 
confirmation step comprises the following steps: 

a decrypting the customer confirmation; 

b notifying the customers payment provider to execute payment; 

5 c receiving confirmation of payment from said payment provider; 

d encrypting payment confirmation and sending to supplier's dedicated 
computing device; 

34 A system as recited in claim 31, wherein the supplying goods or services 
step comprises the following steps: 

10 a decrypting the payment confirmation; 

b notifying supplier's order-filling computing device to execute order; 
c filling order by providing goods or services to customer. 

35 A system as recited in claim 31, wherein the supplier's order-filling 
computing device verifies that the confirmed order matches the original 

15 order. 

36 A system as recited in claim 31, wherein the method is carried out 
automatically. 

37 A system as recited in claim 31, wherein the requesting customer 
confirmation step, the executing payment upon confirmation step, and the 

20 supplying goods or services step are all carried out online. 

38 A system as recited in claim 31, carried out over the Internet 

39 A system as recited in claim 31, carried out over an intranet 

40 A system as recited in claim 31, wherein the transaction is initiated at an 
e-commerce Web site. 



25 41 A system as recited in claim 31, wherein the method is carried out 
automatically. 
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42 A system as recited in claim 31 , wherein the validating computing device 
maintains a copy of the transaction. 

43 A system as recited in claim 31 , wherein the validating computing device 
maintains a database about the transaction. 

5 44 A system as recited in claim 31, wherein all encrypted messages for a 
given order have a unique identifier known and checked by the supplier's 
order-filling computing device. 

45 A system as recited in claim 31, wherein the customer's dedicated 
computing device is a stand-alone device. 

10 46 A system as recited in claim 31, wherein the customer's dedicated 
computing device is integrated into a remote control unit, the customer's 
computing device is a Web-enabled television set, and the two are 
connected via a bidirectional communications device. 

47 A system as recited in claim 31, wherein the customer's dedicated 
15 computing device is an electronic commerce card; 

48 A system as recited in claim 31, wherein the supplier's dedicated 
computing device is a stand-alone device. 

49 A system as recited in claim 31, wherein the customer's dedicated 
computing device is provided with user access protection device. 

20 50 A system as recited in claim 31 , wherein the customer input device on the 
customer's dedicated computing device is touch-based, as in a keyboard, 
keypad, or touchscreen and appropriate software. 

51 A system as recited in claim 31 , wherein the customer input device on the 
customer's dedicated computing device is voice-based, as in a 
25 microphone and voice recognition software. 
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52 A system as recited in claim 31, wherein the device for output to the 
customer on the customer's dedicated computing device is display-based, 
as in an alpha-numeric or graphical display and appropriate software. 

53 A system as recited in claim 31, wherein the device for output to the 
customer on the customer's dedicated computing device is to a port, as in 
a parallel port to a printer. 

54 A system as recited in claim 31, wherein the device for output to the 
customer is to a printer integrated into the customer device. 

55 A system as recited in claim 31, wherein the customer has a public 
identification code. 

56 A system as recited in claim 31, wherein the validating computing device 
provides the customer's dedicated computing device with an anonymous 
identification code. 

57 At a customer conducting an online transaction, A system for handling an 
order confirmation request from a validating computing device, comprising 
the following steps: 

a providing the customer with a dedicated computing device for 
security-critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device and having user 
input/output device, the customer's dedicated computing device 
communicating with the customer computing device; 

b the dedicated computing device receiving an encrypted confirmation 
request from the validating computing device; 

c decrypting the order and outputting it to the customer; 

d the customer inputting his or her confirmation; 

e encrypting the confirmation and sending to the validating computing 
device; 
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58 At a supplier conducting an online transaction, A system for working with 
a validating computing device and an order-filling computing device to 
confirm, bill, and fill a customer order, comprising the following steps: 

a providing the supplier with a dedicated computing device for security- 
critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device, the supplier's computing 
device communicating with the supplier's computing device and, 
through a separate communications channel, with the supplier's 
order-filling computing device; 

b initially validating the customer order on the supplier's order-filling 
computing device; 

c encrypting the order with supplier's private code and sending payment 
request to the validating computing device; 

d decrypting payment confirmation received from validating computing 
device; 

e notifying supplier's order-filling computing device to execute order; 
f filling order by providing goods or services to customer. 

59 A system for facilitating online transactions between a customer's 
computing device and a supplier's computing device, in cooperation with 

a validating computing device, the method comprising the following steps; 

t - ■ ... 

a providing the customer with a dedicated computing device for 
security-critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device and having user 
input/output device, the customer's dedicated computing device 
communicating with the customer computing device; 
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b providing the supplier with a dedicated computing device for security- 
critical parts of the transaction, the computing device having 
capabilities for encryption/decryption known only to the computing 
device and the validating computing device, the suppliers computing 
5 device communicating with the supplier's computing device and, 

through a separate communications channel, with the supplier's 
order-filling computing device; 

c requesting customer confirmation, comprising the following steps: 

iv initially validating the customer order on the supplier's order-filling 
10 computing device; 

v encrypting the order with supplier's private code and sending a 
payment request to the validating computing device; 

vi decrypting the order, encrypting with user's private code and 
sending to customer's dedicated computing device; 

15 vii decrypting the order and outputting it to the customer; 

viii the customer inputting his or her confirmation; 

ix encrypting the confirmation and sending to the validating 
computing device; 

d executing payment upon confirmation, comprising the following steps: 

20 i initially validating the customer order on the supplier's order-filling 

computing device; 

ii decrypting the customer confirmation; 

iii notifying the customer's payment provider to execute payment; 

iv receiving confirmation of payment from said payment provider; 

25 v encrypting payment confirmation and sending to supplier's 

dedicated computing device; 

e and supplying the goods or services, comprising the following steps: 

i decrypting the payment confirmation; 

ii notifying supplier's order-filling computing device to execute 
30 order; 

iii filling order by providing goods or services to customer. 
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